US20200351328A1 - Data transmission method, device, equipment, and readable storage medium - Google Patents


Info

Publication number
US20200351328A1
Authority
US
United States
Prior art keywords
gateway
data
clusters
cloud
target
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US16/765,146
Inventor
Qingyong QIU
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Cloud Network Technology Co Ltd
Beijing Kingsoft Cloud Technology Co Ltd
Original Assignee
Beijing Kingsoft Cloud Network Technology Co Ltd
Beijing Kingsoft Cloud Technology Co Ltd
Application filed by Beijing Kingsoft Cloud Network Technology Co Ltd, Beijing Kingsoft Cloud Technology Co Ltd
Assigned to BEIJING KINGSOFT CLOUD NETWORK TECHNOLOGY CO., LTD., BEIJING KINGSOFT CLOUD TECHNOLOGY CO., LTD. reassignment BEIJING KINGSOFT CLOUD NETWORK TECHNOLOGY CO., LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: QIU, Qingyong
Assigned to BEIJING KINGSOFT CLOUD NETWORK TECHNOLOGY CO., LTD., BEIJING KINGSOFT CLOUD TECHNOLOGY CO., LTD. reassignment BEIJING KINGSOFT CLOUD NETWORK TECHNOLOGY CO., LTD. CORRECTIVE ASSIGNMENT TO CORRECT THE RECEIVING PARTY DATA PREVIOUSLY RECORDED AT REEL: 052714 FRAME: 0234. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT. Assignors: QIU, Qingyong

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4604 LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/462 LAN interconnection over a bridge based backbone
    • H04L12/4625 Single bridge functionality, e.g. connection of two networks over a single bridge
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/64 Routing or path finding of packets in data switching networks using an overlay routing layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/66 Layer 2 routing, e.g. in Ethernet based MAN's
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004 Server selection for load balancing
    • H04L67/1014 Server selection for load balancing based on the content of a request
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Definitions

  • This Application pertains to the technical field of cloud computing, and in particular to a method, an apparatus, a device for transmitting data, and a readable storage medium.
  • Cloud computing is a flexible resource organization and provision method for information technology (referred to as “IT” for short), which can flexibly allocate large-scale server resources and quickly respond to concurrent requests or tasks from a lot of users.
  • Many large multinational companies have already begun to migrate their businesses to cloud computing platforms.
  • many well-known companies have successively built corresponding cloud computing centers on their own data centers and taken them as main development strategies in the future.
  • Emerging Internet companies are considering turning their attention to public clouds as provided by Amazon, Dropbox, etc., to process their own business.
  • Advantages of high availability, easy expansibility, and low service cost or the like of the cloud computing quickly make it favored by a large number of IT enterprises.
  • higher requirements are inevitably placed on data center networks.
  • gateways for data transmission are shared by all users in the network, that is, data from all users may be transmitted through each gateway. If some illegal users deliberately launch attacks to destroy a data forwarding function of a gateway, it is very likely to cause problems such as data leakage or data transmission crash or the like.
  • the purpose of the present application is to provide a method, an apparatus, a device for transmitting data, and a readable storage medium, so as to improve the security of data transmission.
  • an embodiment of the present application provides a method for transmitting data, which is applied to an intranet switch in a cloud computing network system.
  • the system includes the intranet switch, at least two gateway clusters, and a plurality of data receivers having a binding relationship with the at least two gateway clusters, and each of the gateway clusters includes a plurality of gateways.
  • the method includes: receiving data from a public network, and determining receiver information for the data according to information contained in the received data; determining a target gateway cluster corresponding to the receiver information according to the receiver information and a preset binding relationship between data receivers and gateway clusters; determining a target gateway from the target gateway cluster according to a preset rule; and sending the received data to the target gateway, to cause the target gateway to forward the received data to a data receiver corresponding to the receiver information.
  • an embodiment of the present application provides a method for transmitting data which is applied to a cloud host in a cloud computing network system.
  • the system includes an intranet switch, at least two gateway clusters, and a plurality of cloud hosts having a binding relationship with the at least two gateway clusters, and each of the gateway clusters includes a plurality of gateways.
  • the method includes: determining, by a cloud host as a data sender, a target gateway according to a preset binding relationship between data senders and gateway clusters, wherein the target gateway is a gateway in a gateway cluster bound to the cloud host; and sending, by the cloud host, data to the target gateway, to cause the target gateway to send the data to the corresponding intranet switch.
  • an embodiment of the present application provides an apparatus for transmitting data which is applied to an intranet switch in a cloud computing network system.
  • the system includes the intranet switch, at least two gateway clusters, and a plurality of data receivers having a binding relationship with the at least two gateway clusters, and each of the gateway clusters includes a plurality of gateways.
  • the apparatus includes: a data receiving module, configured for receiving data from a public network, and determining receiver information for the data according to information contained in the received data; a target gateway cluster determination module, configured for determining a target gateway cluster corresponding to the receiver information according to the receiver information and a preset binding relationship between data receivers and gateway clusters; a target gateway determination module, configured for determining a target gateway from the target gateway cluster according to a preset rule; and a data forwarding module, configured for sending the received data to the target gateway, to cause the target gateway to forward the received data to a data receiver corresponding to the receiver information.
  • an embodiment of the present application provides an apparatus for transmitting data, which is applied to a cloud host in a cloud computing network system.
  • the system includes an intranet switch, at least two gateway clusters, and a plurality of cloud hosts having a binding relationship with the at least two gateway clusters, and each of the gateway clusters includes a plurality of gateways.
  • the apparatus includes: a gateway determination module, configured for determining a target gateway according to a preset binding relationship between data senders and gateway clusters, wherein the target gateway is a gateway in a gateway cluster bound to the cloud host; and a data sending module, configured for sending data to the target gateway, to cause the target gateway to send the data to the corresponding intranet switch.
  • an embodiment of the present application provides a readable storage medium for storing a plurality of instructions, wherein the plurality of instructions are executed on a computer to cause the computer to carry out the method for transmitting data according to the first aspect.
  • an embodiment of the present application provides a readable storage medium for storing a plurality of instructions, wherein the plurality of instructions are executed on a computer to cause the computer to carry out the method for transmitting data according to the second aspect.
  • an embodiment of the present application provides a device for transmitting data.
  • the device includes a memory and a processor, wherein the memory is configured for storing executable program codes, and the processor is configured for reading the executable program codes stored in the memory to carry out the method for transmitting data according to the first aspect.
  • an embodiment of the present application provides a device for transmitting data.
  • the device includes a memory and a processor, wherein the memory is configured for storing executable program codes, and the processor is configured for reading the executable program codes stored in the memory to carry out the method for transmitting data according to the second aspect.
  • a computer program product containing instructions is provided.
  • the product is executed on a computer, to cause the computer to carry out the method for transmitting data according to the first aspect.
  • a computer program product containing instructions is provided.
  • the product is executed on a computer, to cause the computer to carry out the method for transmitting data according to the second aspect.
  • a computer program is provided.
  • the program is executed on a computer, to cause the computer to carry out the method for transmitting data according to the first aspect.
  • a computer program is provided.
  • the program is executed on a computer, to cause the computer to carry out the method for transmitting data according to the second aspect.
  • Embodiments of the present application provide a method, an apparatus, a device for transmitting data, and a readable storage medium.
  • the intranet switch first receives data from a public network, and determines receiver information for the data according to information contained in the received data; determines a target gateway cluster corresponding to the receiver information according to the receiver information and a preset binding relationship between data receivers and gateway clusters; then determines a target gateway from the target gateway cluster according to a preset rule; and then sends the received data to the target gateway to cause the target gateway to forward the received data to a data receiver corresponding to the receiver information.
  • gateway clusters with different security levels can be preset in advance according to user requirements, and user data with different security requirements is forwarded through different gateway clusters, which effectively improves the security of data transmission.
  • FIG. 1 is a structural diagram of a cloud computing network system according to an embodiment of the present application
  • FIG. 2 is a flowchart of a method for transmitting data according to a first embodiment of the present application
  • FIG. 3 is a flowchart of a method for transmitting data according to a second embodiment of the present application
  • FIG. 4 is a structural block diagram of an apparatus for transmitting data according to a third embodiment of the present application.
  • FIG. 5 is a structural block diagram of an apparatus for transmitting data according to a fourth embodiment of the present application.
  • FIG. 6 is a structural diagram of an intranet switch or a host machine according to an embodiment of the present application.
  • FIG. 1 is a structural diagram of a cloud computing network system 100 according to an embodiment of the present application.
  • the system includes an intranet switch, at least two gateway clusters, and a plurality of data receivers having a binding relationship with the at least two gateway clusters.
  • a gateway cluster is composed of a plurality of gateways belonging to this gateway cluster.
  • the intranet switch is also called an intranet kernel, which is an inlet and outlet in the cloud computing network system 100 for data transmission between a data receiver (such as a cloud host) and a public network.
  • the gateway is a physical server. In practice, a plurality of gateways may be combined into a gateway cluster as required.
  • One virtual IP address (referred to as “vip” for short) is assigned to gateways in each gateway cluster, that is, each gateway in the gateway cluster corresponds to the same vip, and each gateway in the gateway cluster has its own IP address different from the above vip.
  • the cloud host is a virtual machine running on a host machine (a physical machine), and a plurality of cloud hosts may run on a host machine.
  • FIG. 1 is only schematic. All the devices are not directly connected physically, and thus data will pass through other devices during network transmission.
  • a gateway and a host machine may be interconnected via a switch.
  • the cloud computing network system 100 may further include more or fewer components than those shown in FIG. 1, or have a configuration different from that shown in FIG. 1.
  • FIG. 2 is a flowchart of a method for transmitting data according to the first embodiment of the present application.
  • the method is applicable to the intranet switch of the above cloud computing network system 100.
  • the method includes following steps.
  • Step S110: receiving data from a public network, and determining receiver information for the data according to information contained in the received data.
  • the data from the public network is first forwarded through the intranet switch.
  • the data packet includes an IP address of the data sender and an IP address of the data receiver, and also includes a media access control (referred to as “MAC” for short) address of the data sender and a MAC address of the data receiver.
  • the intranet switch may forward the data according to the MAC address of the data receiver.
  • the intranet switch searches stored flow table information, which may be understood as routing information for data transmission.
  • the MAC address and IP address of the data receiver are thus obtained by searching the flow table information, and then the data is forwarded to the data receiver.
  • the data receiver in the first embodiment of the present application may refer to a cloud host in the intranet.
  • Step S120: determining a target gateway cluster corresponding to the receiver information according to the receiver information and a preset binding relationship between data receivers and gateway clusters.
  • After receiving the data, the intranet switch finds, by means of the flow table information, that the data also needs to be sent to a corresponding gateway for forwarding, in order to send the data to the data receiver (such as a cloud host).
  • a problem of low data security is caused due to the sharing of gateways by all users.
  • some high-risk users which may have unknown abnormality packages due to their different business forms, some individual users, blacklisted users, or the like deliberately launch attacks to disable a gateway, which may affect most other users. Therefore, in order to avoid interference caused by data from other users on a public gateway and improve the security of data transmission, all gateways are divided to different gateway clusters in advance, that is, gateway clusters with different security levels are preset in advance, so that user data with different security requirements may be forwarded through a specific gateway cluster to ensure the security of user data transmission.
  • a binding relationship between cloud hosts and gateway clusters may be set according to the cloud hosts, and a binding relationship between users and different gateway clusters may be set according to the users.
  • Taking FIG. 1 as an example, the binding relationship between users and gateway clusters is set according to the users.
  • user 1 is host machine 1, and user 2 is host machine 2.
  • All cloud hosts in the host machine 1 are bound to gateway cluster 1, and all cloud hosts in the host machine 2 are bound to gateway cluster 2.
  • Data from the user 1 is transmitted via a corresponding gateway in the gateway cluster 1.
  • Data from the user 2 is transmitted via a corresponding gateway in the gateway cluster 2.
  • both the user 1 and user 2 may be bound to one gateway cluster, such as gateway cluster 1, thus data from the user 1 and user 2 is transmitted via a corresponding gateway in the gateway cluster 1.
  • An example of setting the binding relationship between cloud hosts and gateway clusters according to the cloud hosts is taken. For example, all cloud hosts in host machine 1 are bound to gateway cluster 1, or a part of the cloud hosts in the host machine 1 are bound to the gateway cluster 1, and the remaining cloud hosts are bound to gateway cluster 2.
  • one cloud host is bound to one gateway cluster, that is, data transmission between this cloud host and the public network is performed through a corresponding gateway in this gateway cluster.
  • When the binding relationship between users and gateway clusters is set according to the users, if a user is bound to a target gateway cluster first, in order to prevent gateways of the target gateway cluster from malfunctioning or being congested during work, the user may perform data transmission through a backup gateway cluster.
  • the system administrator may modify the binding relationship between users and gateway clusters to make this user be bound to the backup gateway cluster, so that data may be migrated from the target gateway cluster to the backup gateway cluster for transmission.
  • the system also includes a server (not shown in FIG. 1) installed with a Software Defined Network (referred to as “SDN” for short) controller.
  • the SDN controller in the server binds data receivers (cloud hosts) to gateway clusters matched with them in advance according to user requirements to obtain the preset binding relationship between data receivers (cloud hosts) and gateway clusters, and then sends the binding relationship to the intranet switch.
  • If user 1 needs to bind cloud host 1-i to gateway cluster 1, then the cloud host 1-i is bound to gateway 1-i in the gateway cluster 1.
  • SDN is a new network innovation architecture of Emulex network, and an implementation of network virtualization. Its core technology, OpenFlow, realizes flexible control of network traffic by separating a control plane and data plane of a network device, making the network smarter as a pipeline.
  • The architecture of SDN is divided into an application layer, a control layer (SDN controller) and a forwarding layer (infrastructure layer), which forwards and controls data based on an OpenFlow protocol.
  • This protocol provides a standard interface to enable the SDN controller and a network switching device (an intranet switch, a gateway, etc.) to communicate with each other.
  • An SDN forwarding layer software module and an SDN control layer software module are deployed on a gateway, and the gateway transmits data flows in the north-south direction of the SDN network (vertical communication, or external network communication, or communication between the public network and the host in the intranet). Furthermore, there are main components of a series of network virtualization products (such as eip, nat, slb).
  • An SDN forwarding layer software module and an SDN control layer software module are also deployed on a host machine. The SDN forwarding layer software module and the SDN control layer software module are controlled by a server installed with an SDN controller.
  • the binding process between a cloud host and a gateway cluster is controlled and implemented by the SDN controller.
  • a specific example is taken for illustration. Taking a public cloud product as an example, a user purchases a cloud host and binds the cloud host with an eip.
  • the eip is an elastic IP of the cloud host.
  • the eip may be understood as the IP address of the cloud host.
  • the SDN control layer software modules on the gateway and the host machine are controlled by the SDN controller to generate corresponding configuration information according to the binding relationship between the cloud host and the eip, and the SDN forwarding layer software modules on the gateway and the host machine perform corresponding processes according to the configuration information.
  • the SDN controller sends the binding relationship to the intranet switch.
  • the eip of a user's cloud host is 120.1.1.1.
  • the user may send one configuration instruction to the SDN controller through a control interface of the terminal.
  • the SDN controller automatically configures one piece of mapping information to bind the cloud host to the gateway cluster, such as 120.1.1.1->10.1.1.1, and then sends the configuration information to the intranet switch. All gateways of this gateway cluster are also bound to this cloud host.
  • the SDN controller automatically configures one piece of mapping information according to the instruction sent by the user through the terminal to bind the cloud host to this gateway, such as 120.1.1.1->10.1.1.1->10.124.6.2.
  • the cloud host may be bound to a plurality of gateways, and each gateway may also be bound to a plurality of cloud hosts. In this way, the SDN controller implements the binding of the cloud host and the corresponding gateway cluster. Furthermore, the SDN controller automatically sends the configuration information to the intranet switch.
  • there are two gateways, x1 (10.124.6.2) and x2 (10.124.6.3), and their corresponding vip is: 10.60.0.1.
  • the floating_ip also referred to as eip, elastic ip, which may be bound/unbound to/from any cloud host
  • the SDN controller issues 120.1.0.0/16 to the x1 and x2, and the configuration instruction is “inet 120.1.0.0/16 scope global dummy0”.
  • the SDN control layer software modules on the gateways x1 and x2 will automatically report their respective routing information to the intranet switch.
  • the intranet switch can obtain the following information:
  • a gateway cluster is automatically bound to a cloud host, and the cloud host is automatically bound to a gateway in the gateway cluster, through the SDN controller.
  • Step S130: determining a target gateway from the target gateway cluster according to a preset rule.
  • In the process of receiving data by a data receiver (cloud host), if the intranet switch, after receiving the data, finds that the eip of the data receiver (cloud host) is 120.1.1.1 according to the configuration information, the intranet switch sends the data to a corresponding gateway in a gateway cluster (whose vip is 10.1.1.1) bound to the cloud host to forward the data.
  • the gateway cluster is used as the target gateway cluster, and a target gateway is determined from the target gateway cluster for forwarding the data.
  • the preset rule refers to a preset classless inter-domain routing (CIDR) longest prefix matching rule, which is to determine a target gateway.
  • any gateway in the gateway cluster is randomly selected for forwarding data.
  • CIDR is a method for creating additional addresses on the Internet. These addresses are provided to a service provider (ISP) and then assigned to users by the ISP. CIDR centralizes routings to enable one IP address to represent thousands of IP addresses served by a main backbone provider, thereby reducing the burden of internet routers.
  • the CIDR longest prefix matching rule refers to IP longest prefix address matching, that is, network number matching.
  • IP of gateway 1 is 120.10.0.0/16
  • the IP of gateway 2 is 120.10.20.0/24
  • the eip of a cloud host bound to the gateway cluster is 120.10.20.3/24.
  • the network number of gateway 2 is matched with that of the cloud host, and data is thus sent preferably to the gateway 2 for forwarding the data. In case the gateway 2 is unavailable, the gateway 1 is selected for forwarding the data.
  • the intranet switch may search for the target gateway by related algorithms, such as a longest prefix matching algorithm based on hash tables, a segmented IP lookup table method based on longest prefix matching, and an Internet protocol version 6 (referred to as “IPV6” for short) longest prefix matching routing lookup algorithm, and so on.
  • Step S140: sending the received data to the target gateway, to cause the target gateway to forward the received data to a data receiver corresponding to the receiver information.
  • After determining the target gateway through the above rule, the intranet switch forwards the data to the target gateway, so that the target gateway obtains the MAC address and IP address of a data receiver (cloud host) from the data, and then searches the stored routing information, and sends the data to a data receiver (cloud host) corresponding to the receiver information according to the MAC address of the data receiver (cloud host).
  • the first embodiment of the present application provides a method for transmitting data.
  • the intranet switch first receives data from a public network, determines receiver information for the data according to information contained in the received data; determines a target gateway cluster according to the receiver information and a preset binding relationship between data receivers and gateway clusters; determines a target gateway from the target gateway cluster according to a preset rule; and then sends the received data to the target gateway to cause the target gateway to forward the received data to a data receiver corresponding to the receiver information.
  • the present method by binding data receivers and gateway clusters in advance, data sent from the public network to a data receiver can be forwarded through the target gateway in the corresponding target gateway cluster.
  • gateway clusters with different security levels can be preset in advance according to user requirements, and user data with different security requirements is forwarded through different gateway clusters, which effectively improves the security of data transmission.
  • FIG. 3 is a flowchart of a method for transmitting data according to the second embodiment of the present application.
  • The method is applicable to a cloud host of the above cloud computing network system 100.
  • The method includes the following steps.
  • Step S210: determining, by a cloud host as a data sender, a target gateway according to a preset binding relationship between data senders and gateway clusters, wherein the target gateway is a gateway in a gateway cluster bound to the cloud host.
  • When a cloud host sends data to a public network as a data sender, the cloud host needs to be bound to a gateway cluster in advance.
  • The system also includes a server installed with an SDN controller.
  • The cloud hosts run on a host machine.
  • The preset binding relationship between data senders and gateway clusters is a binding relationship between the cloud hosts and the gateway clusters that are matched with the cloud hosts, which is configured by the SDN controller in the server in advance on the host machine for the cloud hosts according to user requirements.
  • Cloud host vm-1 (host machine: HOST1; mac: fa:16:3e:27:a9:e4; fixed ip (fixed_ip): 172.10.1.2; eip: 120.1.1.2).
  • Cloud host vm-2 (host machine: HOST2; mac: fa:16:3e:27:a9:e5; fixed_ip: 172.10.1.3; eip: 120.1.1.7).
  • The user wants to bind the cloud hosts to gateways in a gateway cluster whose vip is 10.60.0.1, and there are two gateways in the gateway cluster, namely x1 (ip of which is 10.124.6.2) and x2 (ip of which is 10.124.6.3).
  • The user may send an instruction to the SDN controller through a relevant interface of a terminal device, and the SDN controller automatically binds the two cloud hosts to the two gateways respectively.
  • The two gateways automatically configure the respective binding information of the cloud hosts and the two gateways thereon. Compute nodes on the host machines configure a route in the data-output direction.
  • vgwadm configures, through a command “route add”, that an external network request of “0941f7c6-0610-4a56-8088-8c9668660039 intra 0.0.0.0/0” is sent through a gateway with the address of 10.60.0.1.
  • The code may be: vgwadm route add 0941f7c6-0610-4a56-8088-8c9668660039 intra 0.0.0.0/0 gw 10.60.0.1.
  • The cloud host vm-1 selects a target gateway (that is, gateway x1 or gateway x2) according to the CIDR longest prefix matching rule described above, and then sends the data to the target gateway; then, the target gateway sends the data to the intranet switch, and the intranet switch forwards the data to the public network.
  • The data is first sent to the intranet switch; the intranet switch forwards the data to the target gateway (gateway x1 or gateway x2); then the target gateway sends the data to the host machine HOST1; and finally the data is sent to the cloud host vm-1.
  • The code for gateways is upgraded, and a new gateway x3 with a vip of 10.60.0.2 is expected to be online through gray release.
  • A mapping relationship “002->10.60.0.2” is configured through the SDN controller.
  • The SDN controller automatically configures routing information on the gateway x3: issuing “120.1.3.4-32” to the x3, and the configuration instruction is: inet 120.1.3.4/32 scope global dummy0.
  • The SDN control layer software module on the gateway x3 will automatically report the routing information to the intranet switch.
  • A route “vgwadm route add 9a37ddc8-ad85-4081-9af8-59a629f59c41 intra 0.0.0.0/0 gw 10.60.0.2” is configured on a compute node of a host machine where this cloud host is located.
  • The user “vgwadm” configures, through the command “route add”, that an external network request of “9a37ddc8-ad85-4081-9af8-59a629f59c41 intra 0.0.0.0/0” is sent through a gateway with the address of 10.60.0.2.
  • Even if the internal user changes, for example, a new cloud host is added or a cloud host is deleted, the gateway x3 will automatically add or delete the corresponding configuration.
  • The internal test user uses the gateway x3 that is online through the gray release regardless of the input direction or output direction.
  • The user may be bound to a gateway cluster through the SDN controller, thereby achieving the purpose of letting a user monopolize a gateway.
  • A plurality of cloud hosts may run on a host machine, and at least two cloud hosts among the plurality of cloud hosts are respectively bound to different gateway clusters.
  • The plurality of cloud hosts may also be bound to one gateway cluster together.
  • Step S220: sending, by the cloud host, data to the target gateway, to cause the target gateway to send the data to the corresponding intranet switch.
  • The intranet switch sends the data to the public network according to the flow table information, so that data from the cloud host is forwarded to the intranet switch through the target gateway in the corresponding target gateway cluster, and then forwarded to the public network through the intranet switch.
  • The second embodiment of the present application provides a method for transmitting data.
  • The cloud host, as a data sender, first determines a target gateway according to a preset binding relationship between data senders and gateway clusters; and then sends data to the target gateway, to cause the target gateway to send the data to the corresponding intranet switch.
  • Data sent from a cloud host to the public network can be forwarded through the target gateway in the corresponding target gateway cluster.
  • Gateway clusters with different security levels can be set in advance according to user requirements, and user data with different security requirements is forwarded through different gateway clusters, which effectively improves the security of data transmission.
  • FIG. 4 is a structural block diagram of an apparatus for transmitting data 200 according to the third embodiment of the present application.
  • The apparatus is applicable to the above cloud computing network system 100, and runs on an intranet switch.
  • The apparatus includes:
  • a data receiving module 210 configured for receiving data from a public network, and determining receiver information for the data according to information contained in the received data;
  • a target gateway cluster determination module 220 configured for determining a target gateway cluster corresponding to the receiver information according to the receiver information and a preset binding relationship between data receivers and gateway clusters;
  • a target gateway determination module 230 configured for determining a target gateway from the target gateway cluster according to a preset rule; and
  • a data forwarding module 240 configured for sending the received data to the target gateway, to cause the target gateway to forward the received data to a data receiver (a cloud host) corresponding to the receiver information.
  • The cloud computing network system 100 also includes a server installed with an SDN controller.
  • The preset binding relationship between data receivers and gateway clusters is obtained by binding the data receivers to the gateway clusters that are matched with the data receivers in advance through the SDN controller in the server according to user requirements.
  • The cloud computing network system 100 also includes a server installed with an SDN controller.
  • The gateway clusters are preset to have different security levels.
  • The preset binding relationship between data receivers and gateway clusters is obtained by binding the data receivers to the gateway clusters that are matched with the data receivers and have corresponding security levels in advance through the SDN controller in the server according to user requirements.
  • The target gateway determination module 230 is specifically configured for determining the target gateway from the target gateway cluster according to a classless inter-domain routing (CIDR) longest prefix matching rule.
  • FIG. 5 is a structural block diagram of an apparatus for transmitting data 300 according to the fourth embodiment of the present application.
  • The apparatus is applicable to the above cloud computing network system 100 and runs on a cloud host.
  • The apparatus includes:
  • a gateway determination module 310 configured for determining a target gateway according to a preset binding relationship between data senders and gateway clusters, wherein the target gateway is a gateway in a gateway cluster bound to the cloud host;
  • a data sending module 320 configured for sending data to the target gateway, to cause the target gateway to send the data to the corresponding intranet switch.
  • The cloud computing network system 100 also includes a server installed with an SDN controller.
  • The cloud hosts run on a host machine.
  • The preset binding relationship between data senders and gateway clusters is a binding relationship between the cloud hosts and the gateway clusters that are matched with the cloud hosts, which is configured by the SDN controller in the server in advance on the host machine for the cloud hosts according to user requirements.
  • The cloud computing network system 100 also includes a server installed with an SDN controller.
  • The cloud hosts run on a host machine, and the gateway clusters are preset to have different security levels.
  • The preset binding relationship between data senders and gateway clusters is a binding relationship between the cloud hosts and the gateway clusters that are matched with the cloud hosts and have corresponding security levels, which is configured by the SDN controller in the server in advance on the host machine for the cloud hosts according to user requirements.
  • A plurality of cloud hosts run on a host machine, and at least two cloud hosts among the plurality of cloud hosts are respectively bound to different gateway clusters.
  • FIG. 6 is a structural diagram of an intranet switch or a host machine according to an embodiment of the present application.
  • The intranet switch or host machine may include: at least one processor 410, such as a CPU, at least one communication interface 420, at least one memory 430 and at least one communication bus 440.
  • The communication bus 440 is used to implement direct communication between these components.
  • The communication interface 420 of the device in the embodiment of the present application is used to communicate signals or data with other node devices.
  • The memory 430 may be a high-speed RAM memory or a non-volatile memory, such as at least one magnetic disk memory.
  • The memory 430 may optionally be at least one storage device located away from the processor.
  • A set of program codes is stored in the memory 430, and the processor 410 executes the program codes stored in the memory 430 to implement the corresponding method processes executed by the above intranet switch or host machine.
  • Embodiments of the present application provide a method, an apparatus, a device for transmitting data, and a readable storage medium.
  • The intranet switch first receives data from a public network, and determines receiver information for the data according to information contained in the received data; determines a target gateway cluster according to a preset binding relationship between data receivers and gateway clusters; then determines a target gateway from the target gateway cluster according to a preset rule; and then sends the received data to the target gateway to cause the target gateway to forward the received data to a data receiver corresponding to the receiver information.
  • In the present method, by binding data receivers and gateway clusters in advance, data from the public network can be forwarded to a data receiver through the target gateway in the corresponding target gateway cluster.
  • Gateway clusters with different security levels can be preset in advance according to user requirements, and user data with different security requirements is forwarded through different gateway clusters, which effectively improves the security of data transmission.
  • Each block in a flowchart or block diagram may represent a module, a program segment, or a part of the codes, which contains one or more executable instructions for implementing a specified logical function.
  • Functions marked in the blocks may also be implemented in a different order than that marked in a drawing.
  • Each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts can be implemented with a dedicated hardware-based system that performs specified functions or actions, or can be implemented with a combination of dedicated hardware and computer instructions.
  • If the functions are implemented in the form of software functional modules and sold or used as an independent product, they can be stored in a computer-readable storage medium.
  • The technical solution of the present application may be embodied in the form of a software product, or a part that contributes to the prior art or a part of this technical solution may be embodied in the form of a software product.
  • This computer software product is stored in a storage medium, including instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of steps of the methods according to the embodiments of the present application.
  • The above storage medium includes various mediums that can store program codes, such as a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.
  • The present application provides a method, an apparatus, a device for transmitting data, and a readable storage medium.
  • By binding data receivers to gateway clusters in advance, data from the public network can be forwarded to a data receiver by the target gateway in the corresponding target gateway cluster, which effectively improves the security of data transmission.
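The inbound lookup of steps S120 to S140 (binding lookup first, then CIDR longest prefix matching inside the bound cluster, with the next-best gateway used when the preferred one is unavailable) can be sketched as follows. This is an added example, not code from the patent or its applicant: the class and function names are hypothetical, the prefixes given to x1 and x2 are constructed, and returning no gateway when every gateway of the bound cluster is down is an assumption the text does not state.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Gateway:
    name: str
    prefixes: list            # CIDR strings the gateway has reported to the switch
    available: bool = True


@dataclass
class Cluster:
    vip: str
    gateways: list = field(default_factory=list)


def build_table():
    """Constructed switch state using the example addresses from the text."""
    clusters = {
        "10.60.0.1": Cluster("10.60.0.1", [
            Gateway("x1", ["120.1.0.0/16"]),   # constructed prefix
            Gateway("x2", ["120.1.1.0/24"]),   # constructed prefix
        ]),
        "10.60.0.2": Cluster("10.60.0.2", [
            Gateway("x3", ["120.1.3.4/32"]),   # route issued to x3 in the text
        ]),
    }
    # Preset binding relationship: receiver eip -> vip of the bound cluster.
    bindings = {
        "120.1.1.2": "10.60.0.1",   # vm-1
        "120.1.1.7": "10.60.0.1",   # vm-2
        "120.1.3.4": "10.60.0.2",   # internal test user behind x3
    }
    return clusters, bindings


def select_gateway(dst_ip, clusters, bindings):
    """Return (cluster_vip, gateway_name) for a receiver, or None.

    The binding is resolved before any prefix is compared, so a gateway in
    another cluster is never a candidate even if its prefix covers dst_ip.
    """
    vip = bindings.get(dst_ip)
    cluster = clusters.get(vip) if vip is not None else None
    if cluster is None:
        return None                      # unbound receiver: no target cluster

    addr = ipaddress.ip_address(dst_ip)
    best = None                          # (prefix length, gateway)
    for gw in cluster.gateways:
        if not gw.available:
            continue                     # skip gateways that are down
        for cidr in gw.prefixes:
            net = ipaddress.ip_network(cidr)
            if addr.version == net.version and addr in net:
                if best is None or net.prefixlen > best[0]:
                    best = (net.prefixlen, gw)

    if best is None:
        return None                      # assumption: no cross-cluster failover
    return vip, best[1].name


if __name__ == "__main__":
    clusters, bindings = build_table()
    for eip in ("120.1.1.2", "120.1.3.4", "203.0.113.9"):
        print(eip, "->", select_gateway(eip, clusters, bindings))
```

Note that 120.1.3.4 also falls inside the constructed /16 of x1, yet it is only ever forwarded through x3, because the cluster is fixed by the binding before prefixes are compared.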

Abstract

The present application provides a method, an apparatus, a device for transmitting data, and a readable storage medium, and relates to the technical field of cloud computing. The method includes: receiving, by an intranet switch, data from a public network, and determining receiver information for the data according to information contained in the received data; determining a target gateway cluster according to a preset binding relationship between data receivers and gateway clusters; determining a target gateway from the target gateway cluster according to a preset rule; sending the received data to the target gateway, to cause the target gateway to forward the received data to a corresponding data receiver. In the present method, by binding data receivers to gateway clusters in advance, data from the public network can be forwarded to a data receiver by the target gateway in the corresponding target gateway cluster. In this way, gateway clusters with different security levels may be preset in advance according to user requirements, and user data with different security requirements is forwarded through different gateway clusters, which effectively improves the security of data transmission.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application is a U.S. National-Stage entry under 35 U.S.C. § 371 based on International Application No. PCT/CN2018/114393, filed Nov. 7, 2018 which was published under PCT Article 21(2) and which claims priority to Chinese Application No. 201711153175.6, filed Nov. 17, 2017, which are all hereby incorporated in their entirety by reference.
  • TECHNICAL FIELD
  • This Application pertains to the technical field of cloud computing, and in particular to a method, an apparatus, a device for transmitting data, and a readable storage medium.
  • BACKGROUND
  • Cloud computing is a flexible resource organization and provision method for information technology (referred to as “IT” for short), which can flexibly allocate large-scale server resources and quickly respond to concurrent requests or tasks from a lot of users. Many large multinational companies have already begun to migrate their businesses to cloud computing platforms. Until now, many well-known companies have successively built corresponding cloud computing centers on their own data centers and taken them as main development strategies in the future. Emerging Internet companies are considering turning their attention to public clouds as provided by Amazon, Dropbox, etc., to process their own business. Advantages of high availability, easy expansibility, and low service cost or the like of the cloud computing quickly make it favored by a large number of IT enterprises. However, with the rapid development of cloud computing, along with the development of mobile Internet and big data, higher requirements are inevitably placed on data center networks.
  • For public cloud or private cloud providers, gateways for data transmission are shared by all users in the network, that is, data from all users may be transmitted through each gateway. If some illegal users deliberately launch attacks to destroy a data forwarding function of a gateway, it is very likely to cause problems such as data leakage or data transmission crash or the like. In addition, other objects, desirable features and characteristics will become apparent from the subsequent summary and detailed description, and the appended claims, taken in conjunction with the accompanying drawings and this background.
  • SUMMARY
  • In view of above, the purpose of the present application is to provide a method, an apparatus, a device for transmitting data, and a readable storage medium, so as to improve the security of data transmission.
  • In the first aspect, an embodiment of the present application provides a method for transmitting data, which is applied to an intranet switch in a cloud computing network system. The system includes the intranet switch, at least two gateway clusters, and a plurality of data receivers having a binding relationship with the at least two gateway clusters, and each of the gateway clusters includes a plurality of gateways. The method includes: receiving data from a public network, and determining receiver information for the data according to information contained in the received data; determining a target gateway cluster corresponding to the receiver information according to the receiver information and a preset binding relationship between data receivers and gateway clusters; determining a target gateway from the target gateway cluster according to a preset rule; and sending the received data to the target gateway, to cause the target gateway to forward the received data to a data receiver corresponding to the receiver information.
  • In the second aspect, an embodiment of the present application provides a method for transmitting data which is applied to a cloud host in a cloud computing network system. The system includes an intranet switch, at least two gateway clusters, and a plurality of cloud hosts having a binding relationship with the at least two gateway clusters, and each of the gateway clusters includes a plurality of gateways. The method includes: determining, by a cloud host as a data sender, a target gateway according to a preset binding relationship between data senders and gateway clusters, wherein the target gateway is a gateway in a gateway cluster bound to the cloud host; and sending, by the cloud host, data to the target gateway, to cause the target gateway to send the data to the corresponding intranet switch.
  • In the third aspect, an embodiment of the present application provides an apparatus for transmitting data which is applied to an intranet switch in a cloud computing network system. The system includes the intranet switch, at least two gateway clusters, and a plurality of data receivers having a binding relationship with the at least two gateway clusters, and each of the gateway clusters includes a plurality of gateways. The apparatus includes: a data receiving module, configured for receiving data from a public network, and determining receiver information for the data according to information contained in the received data; a target gateway cluster determination module, configured for determining a target gateway cluster corresponding to the receiver information according to the receiver information and a preset binding relationship between data receivers and gateway clusters; a target gateway determination module, configured for determining a target gateway from the target gateway cluster according to a preset rule; and a data forwarding module, configured for sending the received data to the target gateway, to cause the target gateway to forward the received data to a data receiver corresponding to the receiver information.
  • In the fourth aspect, an embodiment of the present application provides an apparatus for transmitting data, which is applied to a cloud host in a cloud computing network system. The system includes an intranet switch, at least two gateway clusters, and a plurality of cloud hosts having a binding relationship with the at least two gateway clusters, and each of the gateway clusters includes a plurality of gateways. The apparatus includes: a gateway determination module, configured for determining a target gateway according to a preset binding relationship between data senders and gateway clusters, wherein the target gateway is a gateway in a gateway cluster bound to the cloud host; and a data sending module, configured for sending data to the target gateway, to cause the target gateway to send the data to the corresponding intranet switch.
  • In the fifth aspect, an embodiment of the present application provides a readable storage medium for storing a plurality of instructions, wherein the plurality of instructions are executed on a computer to cause the computer to carry out the method for transmitting data according to the first aspect.
  • In the sixth aspect, an embodiment of the present application provides a readable storage medium for storing a plurality of instructions, wherein the plurality of instructions are executed on a computer to cause the computer to carry out the method for transmitting data according to the second aspect.
  • In the seventh aspect, an embodiment of the present application provides a device for transmitting data. The device includes a memory and a processor, wherein the memory is configured for storing executable program codes, and the processor is configured for reading the executable program codes stored in the memory to carry out the method for transmitting data according to the first aspect.
  • In the eighth aspect, an embodiment of the present application provides a device for transmitting data. The device includes a memory and a processor, wherein the memory is configured for storing executable program codes, and the processor is configured for reading the executable program codes stored in the memory to carry out the method for transmitting data according to the second aspect.
  • In the ninth aspect, a computer program product containing instructions is provided. The product is executed on a computer, to cause the computer to carry out the method for transmitting data according to the first aspect.
  • In the tenth aspect, a computer program product containing instructions is provided. The product is executed on a computer, to cause the computer to carry out the method for transmitting data according to the second aspect.
  • In the eleventh aspect, a computer program is provided. The program is executed on a computer, to cause the computer to carry out the method for transmitting data according to the first aspect.
  • In the twelfth aspect, a computer program is provided. The program is executed on a computer, to cause the computer to carry out the method for transmitting data according to the second aspect.
  • Embodiments of the present application provide a method, an apparatus, a device for transmitting data, and a readable storage medium. The intranet switch first receives data from a public network, and determines receiver information for the data according to information contained in the received data; determines a target gateway cluster corresponding to the receiver information according to the receiver information and a preset binding relationship between data receivers and gateway clusters; then determines a target gateway from the target gateway cluster according to a preset rule; and then sends the received data to the target gateway to cause the target gateway to forward the received data to a data receiver corresponding to the receiver information. In the present method, by binding cloud hosts and gateway clusters in advance, data from the public network can be forwarded to a data receiver (such as a cloud host) through the target gateway in the corresponding target gateway cluster. In this way, gateway clusters with different security levels can be preset in advance according to user requirements, and user data with different security requirements is forwarded through different gateway clusters, which effectively improves the security of data transmission.
  • Other features and advantages of the present application will be explained in the following description, and will be partly apparent from the description, or be understood by implementing the embodiments of the present application. The purpose and other advantages of the present application can be achieved and obtained through the structures specifically indicated in the description, claims, and drawings.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The present invention will hereinafter be described in conjunction with the following drawing figures, wherein like numerals denote like elements, and
  • FIG. 1 is a structural diagram of a cloud computing network system according to an embodiment of the present application;
  • FIG. 2 is a flowchart of a method for transmitting data according to a first embodiment of the present application;
  • FIG. 3 is a flowchart of a method for transmitting data according to a second embodiment of the present application;
  • FIG. 4 is a structural block diagram of an apparatus for transmitting data according to a third embodiment of the present application;
  • FIG. 5 is a structural block diagram of an apparatus for transmitting data according to a fourth embodiment of the present application;
  • FIG. 6 is a structural diagram of an intranet switch or a host machine according to an embodiment of the present application.
  • DETAILED DESCRIPTION
  • The following detailed description is merely exemplary in nature and is not intended to limit the invention or the application and uses of the invention. Furthermore, there is no intention to be bound by any theory presented in the preceding background of the invention or the following detailed description.
  • The technical solution of embodiments of the present application will be described clearly and completely below in combination with the drawings of the embodiments of the present application. Obviously, the embodiments described are only some, not all, of the embodiments of the present application. Components of the embodiments of the present application, which are generally described and illustrated in the drawings herein, may be arranged and designed in various different configurations. Therefore, the following detailed description of the embodiments of the present application illustrated in the drawings is not intended to limit the scope of the claimed application, but merely represents selected embodiments of the present application. All other embodiments obtained by those skilled in the art based on the embodiments herein without any creative efforts are within the scope of the present application.
  • It should be noted that similar reference signs and letters indicate similar items in the following drawings. Thus once an item is defined in one figure, this item is not required to be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, terms such as “first”, “second” and the like are only used to distinguish one element from another element, which should not be understood to indicate or imply their relative importance.
  • Referring to FIG. 1, FIG. 1 is a structural diagram of a cloud computing network system 100 according to an embodiment of the present application. The system includes an intranet switch, at least two gateway clusters, and a plurality of data receivers having a binding relationship with the at least two gateway clusters. A gateway cluster is composed of a plurality of gateways belonging to this gateway cluster.
  • The intranet switch is also called an intranet kernel, which is an inlet and outlet in the cloud computing network system 100 for data transmission between a data receiver (such as a cloud host) and a public network.
  • The gateway is a physical server. In practice, a plurality of gateways may be combined into a gateway cluster as required. One virtual IP address (referred to as “vip” for short) is assigned to gateways in each gateway cluster, that is, each gateway in the gateway cluster corresponds to the same vip, and each gateway in the gateway cluster has its own IP address different from the above vip.
  • The cloud host is a virtual machine running on a host machine (a physical machine), and a plurality of cloud hosts may run on a host machine.
  • It can be understood that the structure shown in FIG. 1 is only schematic. All the devices are not directly connected physically, and thus data will pass through other devices during network transmission. For example, a gateway and a host machine may be interconnected via a switch. The cloud computing network system 100 may further include more or fewer components than those shown in FIG. 1, or have a configuration different from that shown in FIG. 1.
  • First Embodiment
  • Referring to FIG. 2, FIG. 2 is a flowchart of a method for transmitting data according to the first embodiment of the present application. The method is applicable to the intranet switch of the above cloud computing network system 100. The method includes the following steps.
  • Step S110: receiving data from a public network, and determining receiver information for the data according to information contained in the received data.
  • When a public network sends data in the form of data packets to a data receiver of an intranet, the data is first forwarded through the intranet switch. The data packet includes an IP address of the data sender and an IP address of the data receiver, and also includes a media access control (referred to as “MAC” for short) address of the data sender and a MAC address of the data receiver. The intranet switch may forward the data according to the MAC address of the data receiver. After receiving the data, the intranet switch searches stored flow table information, which may be understood as routing information for data transmission. The MAC address and IP address of the data receiver are thus obtained by searching the flow table information, and then the data is forwarded to the data receiver.
  • It should be noted that the data receiver in the first embodiment of the present application may refer to a cloud host in the intranet.
  • Step S120: determining a target gateway cluster corresponding to the receiver information according to the receiver information and a preset binding relationship between data receivers and gateway clusters.
  • After receiving the data, the intranet switch finds, by means of the flow table information, that the data also needs to be sent to a corresponding gateway for forwarding, in order to send the data to the data receiver (such as a cloud host).
  • In a public cloud or a private cloud, the sharing of gateways by all users causes a problem of low data security. For example, some high-risk users, which may have unknown abnormal packets due to their different business forms, some individual users, blacklisted users, or the like may deliberately launch attacks to disable a gateway, which may affect most other users. Therefore, in order to avoid interference caused by data from other users on a public gateway and improve the security of data transmission, all gateways are divided into different gateway clusters in advance, that is, gateway clusters with different security levels are preset in advance, so that user data with different security requirements may be forwarded through a specific gateway cluster to ensure the security of user data transmission. According to actual requirements, a binding relationship between cloud hosts and gateway clusters may be set according to the cloud hosts, and a binding relationship between users and different gateway clusters may be set according to the users. As shown in FIG. 1, an example of setting the binding relationship between users and gateway clusters according to the users is taken. For example, user 1 is host machine 1, and user 2 is host machine 2. All cloud hosts in the host machine 1 are bound to gateway cluster 1, and all cloud hosts in the host machine 2 are bound to gateway cluster 2. Data from the user 1 is transmitted via a corresponding gateway in the gateway cluster 1. Data from the user 2 is transmitted via a corresponding gateway in the gateway cluster 2. Of course, both the user 1 and user 2 may be bound to one gateway cluster, such as gateway cluster 1, thus data from the user 1 and user 2 is transmitted via a corresponding gateway in the gateway cluster 1. An example of setting the binding relationship between cloud hosts and gateway clusters according to the cloud hosts is taken. For example, all cloud hosts in host machine 1 are bound to gateway cluster 1, or a part of the cloud hosts in the host machine 1 are bound to the gateway cluster 1, and the remaining cloud hosts are bound to gateway cluster 2. It should be noted that one cloud host is bound to one gateway cluster, that is, data transmission between this cloud host and the public network is performed through a corresponding gateway in this gateway cluster.
  • It should be noted that, in the case that the binding relationship between users and gateway clusters is set according to the users, if a user is bound to a target gateway cluster first, in order to prevent gateways of the target gateway cluster from malfunctioning or being congested during work, the user may perform data transmission through a backup gateway cluster. When the gateways of the target gateway cluster malfunction or are congested, the system administrator may modify the binding relationship between users and gateway clusters to make this user be bound to the backup gateway cluster, so that data may be migrated from the target gateway cluster to the backup gateway cluster for transmission.
  • In an implementation for binding users' cloud hosts to their corresponding gateway clusters in advance, the system also includes a server (not shown in FIG. 1) installed with a Software Defined Network (referred to as “SDN” for short) controller. The SDN controller in the server binds data receivers (cloud hosts) to gateway clusters matched with them in advance according to user requirements to obtain the preset binding relationship between data receivers (cloud hosts) and gateway clusters, and then sends the binding relationship to the intranet switch.
  • If user 1 needs to bind cloud host 1-i to gateway cluster 1, then the cloud host 1-i is bound to gateway 1-i in the gateway cluster 1.
  • SDN is a new network innovation architecture of Emulex network, and an implementation of network virtualization. Its core technology, OpenFlow, realizes flexible control of network traffic by separating a control plane and data plane of a network device, making the network a smarter pipeline.
  • The architecture of SDN is divided into an application layer, a control layer (SDN controller) and a forwarding layer (infrastructure layer), which forwards and controls data based on an OpenFlow protocol. This protocol provides a standard interface to enable the SDN controller and a network switching device (an intranet switch, a gateway, etc.) to communicate with each other.
  • An SDN forwarding layer software module and an SDN control layer software module are deployed on a gateway, and the gateway transmits data flows in the north-south direction of the SDN network (vertical communication, or external network communication, or communication between the public network and the host in the intranet). Furthermore, there are main components of a series of network virtualization products (such as eip, nat, slb). An SDN forwarding layer software module and an SDN control layer software module are also deployed on a host machine. The SDN forwarding layer software module and the SDN control layer software module are controlled by a server installed with an SDN controller.
  • The binding process between a cloud host and a gateway cluster is controlled and implemented by the SDN controller. A specific example is taken for illustration. Taking a public cloud product as an example, a user purchases a cloud host and binds the cloud host with an eip. The eip is an elastic IP of the cloud host. The eip may be understood as the IP address of the cloud host. The SDN control layer software modules on the gateway and the host machine are controlled by the SDN controller to generate corresponding configuration information according to the binding relationship between the cloud host and the eip, and the SDN forwarding layer software modules on the gateway and the host machine perform corresponding processes according to the configuration information.
  • If a user needs to bind his/her cloud host (data receiver) to a gateway cluster, the SDN controller sends the binding relationship to the intranet switch. For example, the eip of a user's cloud host is 120.1.1.1. If the user wants to bind the cloud host to a gateway cluster whose vip is 10.1.1.1, the user may send one configuration instruction to the SDN controller through a control interface of the terminal. The SDN controller automatically configures one piece of mapping information to bind the cloud host to the gateway cluster, such as 120.1.1.1->10.1.1.1, and then sends the configuration information to the intranet switch. All gateways of this gateway cluster are also bound to this cloud host. If the IP of a gateway is 10.124.6.2, the SDN controller automatically configures one piece of mapping information according to the instruction sent by the user through the terminal to bind the cloud host to this gateway, such as 120.1.1.1->10.1.1.1->10.124.6.2. The cloud host may be bound to a plurality of gateways, and each gateway may also be bound to a plurality of cloud hosts. In this way, the SDN controller implements the binding of the cloud host and the corresponding gateway cluster. Furthermore, the SDN controller automatically sends the configuration information to the intranet switch.
  • For another example, there are two gateways, x1 (10.124.6.2) and x2 (10.124.6.3), and their corresponding vip is: 10.60.0.1. The floating_ip (also referred to as eip, elastic ip, which may be bound/unbound to/from any cloud host) network segment purchased by a public cloud service provider is 120.1.0.0/16. A user sends one instruction to the SDN controller through a relevant interface of a terminal device. The SDN controller issues 120.1.0.0/16 to the x1 and x2, and the configuration instruction is “inet 120.1.0.0/16 scope global dummy0”. The SDN control layer software modules on the gateways x1 and x2 will automatically report their respective routing information to the intranet switch.
  • The intranet switch can obtain the following information:
  • 10.60.0.1
  • 10.124.6.2:120.1.0.0/16
  • 10.124.6.3:120.1.0.0/16
  • Thus, a gateway cluster is automatically bound to a cloud host, and the cloud host is automatically bound to a gateway in the gateway cluster, through the SDN controller.
  • Step S130: determining a target gateway from the target gateway cluster according to a preset rule.
  • In the process of receiving data by a data receiver (cloud host), if the intranet switch, after receiving the data, finds that the eip of the data receiver (cloud host) is 120.1.1.1 according to the configuration information, the intranet switch sends the data to a corresponding gateway in a gateway cluster (whose vip is 10.1.1.1) bound to the cloud host to forward the data. The gateway cluster is used as the target gateway cluster, and a target gateway is determined from the target gateway cluster for forwarding the data. In the present embodiment, the preset rule refers to a preset classless inter-domain routing (CIDR) longest prefix matching rule, which is used to determine the target gateway. Of course, other rules may also be defined. For example, any gateway in the gateway cluster is randomly selected for forwarding data.
  • CIDR is a method for creating additional addresses on the Internet. These addresses are provided to a service provider (ISP) and then assigned to users by the ISP. CIDR centralizes routings to enable one IP address to represent thousands of IP addresses served by a main backbone provider, thereby reducing the burden of internet routers.
  • The CIDR longest prefix matching rule refers to IP longest prefix address matching, that is, network number matching. For example, there are two gateways in a gateway cluster. The IP of gateway 1 is 120.10.0.0/16, the IP of gateway 2 is 120.10.20.0/24, and the eip of a cloud host bound to the gateway cluster is 120.10.20.3/24. The network number of gateway 2 is matched with that of the cloud host, and data is thus sent preferably to the gateway 2 for forwarding the data. In case the gateway 2 is unavailable, the gateway 1 is selected for forwarding the data.
  • Of course, when determining the target gateway through the CIDR longest prefix matching rule, the intranet switch may search for the target gateway by related algorithms, such as a longest prefix matching algorithm based on hash tables, a segmented IP lookup table method based on longest prefix matching, and an Internet protocol version 6 (referred to as “IPV6” for short) longest prefix matching routing lookup algorithm, and so on.
  • Step S140: sending the received data to the target gateway, to cause the target gateway to forward the received data to a data receiver corresponding to the receiver information.
  • After determining the target gateway through the above rule, the intranet switch forwards the data to the target gateway, so that the target gateway obtains the MAC address and IP address of a data receiver (cloud host) from the data, and then searches the stored routing information, and sends the data to a data receiver (cloud host) corresponding to the receiver information according to the MAC address of the data receiver (cloud host).
  • The first embodiment of the present application provides a method for transmitting data. The intranet switch first receives data from a public network, determines receiver information for the data according to information contained in the received data; determines a target gateway cluster according to the receiver information and a preset binding relationship between data receivers and gateway clusters; determines a target gateway from the target gateway cluster according to a preset rule; and then sends the received data to the target gateway to cause the target gateway to forward the received data to a data receiver corresponding to the receiver information. In the present method, by binding data receivers and gateway clusters in advance, data sent from the public network to a data receiver can be forwarded through the target gateway in the corresponding target gateway cluster. In this way, gateway clusters with different security levels can be preset in advance according to user requirements, and user data with different security requirements is forwarded through different gateway clusters, which effectively improves the security of data transmission.
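Steps S110 to S140 as the switch would apply them, written here as an added Python example that is not code from the patent. It scopes the longest prefix match to the receiver's bound cluster, so a more specific route reported by a gateway in another cluster is never chosen, and an unbound receiver is dropped rather than sent to a default cluster. The class and function names, the tie-break rule, cluster B, gateway 10.124.6.4 and receiver 120.10.20.9 are assumptions made for the example.

```python
"""Gateway selection on the intranet switch: binding lookup, then CIDR
longest prefix match restricted to the bound cluster (steps S110-S140)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, NamedTuple, Optional


@dataclass
class Gateway:
    ip: str                 # the gateway's own address (not the cluster vip)
    prefixes: List[str]     # CIDR routes this gateway reported to the switch
    available: bool = True  # health flag; how it is maintained is assumed


class Decision(NamedTuple):
    gateway: Optional[str]  # chosen gateway IP, or None when the data is dropped
    cluster: Optional[str]  # vip of the bound cluster, or None if unbound
    detail: str


class IntranetSwitch:
    def __init__(self) -> None:
        self.clusters: Dict[str, List[Gateway]] = {}  # vip -> member gateways
        self.bindings: Dict[str, str] = {}            # receiver eip -> vip

    def add_cluster(self, vip: str, gateways: List[Gateway]) -> None:
        self.clusters[vip] = gateways

    def bind(self, eip: str, vip: str) -> None:
        # Refuse a mapping to a cluster the switch has never learned about.
        if vip not in self.clusters:
            raise ValueError(f"unknown gateway cluster {vip}")
        self.bindings[str(ipaddress.ip_address(eip))] = vip

    def select_gateway(self, dst_ip: str) -> Decision:
        addr = ipaddress.ip_address(dst_ip)           # S110: receiver information
        vip = self.bindings.get(str(addr))            # S120: bound cluster
        if vip is None:
            # Fail closed: never fall back to some shared default cluster.
            return Decision(None, None, "no binding for receiver")
        candidates = []
        for gw in self.clusters[vip]:                 # S130: bound cluster only
            if not gw.available:
                continue
            for prefix in gw.prefixes:
                # strict=False accepts host-style input such as 120.10.20.3/24.
                net = ipaddress.ip_network(prefix, strict=False)
                if net.version == addr.version and addr in net:
                    candidates.append((net.prefixlen, gw.ip))
        if not candidates:
            return Decision(None, vip, "no available gateway covers receiver")
        # Longest prefix wins; equal lengths are broken by lowest gateway IP
        # (an assumption made here so the result is deterministic).
        plen, gw_ip = min(
            candidates, key=lambda c: (-c[0], int(ipaddress.ip_address(c[1]))))
        return Decision(gw_ip, vip, f"matched /{plen}")   # S140: forward here


def build_sample_switch() -> IntranetSwitch:
    """Constructed topology. Cluster A carries the page's /16 and /24 routes
    and receiver 120.10.20.3; the pairing with gateway addresses and all of
    cluster B are invented for the isolation check."""
    sw = IntranetSwitch()
    sw.add_cluster("10.1.1.1", [
        Gateway("10.124.6.2", ["120.10.0.0/16"]),
        Gateway("10.124.6.3", ["120.10.20.0/24"]),
    ])
    sw.add_cluster("10.60.0.2", [Gateway("10.124.6.4", ["120.10.20.0/28"])])
    sw.bind("120.10.20.3", "10.1.1.1")
    sw.bind("120.10.20.9", "10.60.0.2")
    return sw


if __name__ == "__main__":
    sw = build_sample_switch()
    for dst in ("120.10.20.3", "120.10.20.9", "120.10.99.9"):
        print(dst, sw.select_gateway(dst))
    sw.clusters["10.1.1.1"][1].available = False      # gateway 2 goes down
    print("120.10.20.3", sw.select_gateway("120.10.20.3"))
```

With every gateway in cluster A marked unavailable, the lookup for 120.10.20.3 returns no gateway instead of crossing into cluster B, even though B's /28 covers the address.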
  • Second Embodiment
  • Referring to FIG. 3, FIG. 3 is a flowchart of a method for transmitting data according to the second embodiment of the present application. The method is applicable to a cloud host of the above cloud computing network system 100. The method includes the following steps.
  • Step S210: determining, by a cloud host as a data sender, a target gateway according to a preset binding relationship between data senders and gateway clusters, wherein the target gateway is a gateway in a gateway cluster bound to the cloud host.
  • When a cloud host sends data to a public network as a data sender, the cloud host needs to be bound to a gateway cluster in advance.
  • The system also includes a server installed with an SDN controller. The cloud hosts run on a host machine. The preset binding relationship between data senders and gateway clusters is a binding relationship between the cloud hosts and the gateway clusters that are matched with the cloud hosts, which is configured by the SDN controller in the server in advance on the host machine for the cloud hosts according to user requirements.
  • For example, a user (id 001) has two cloud hosts running on two host machines respectively. Cloud host vm-1 (host machine: HOST1; mac: fa:16:3e:27:a9:e4; fixed ip (fixed_ip): 172.10.1.2; eip: 120.1.1.2). Cloud host vm-2 (host machine: HOST2; mac: fa:16:3e:27:a9:e5; fixed_ip: 172.10.1.3; eip: 120.1.1.7). The user wants to bind the cloud hosts to gateways in a gateway cluster whose vip is 10.60.0.1, and there are two gateways in the gateway cluster, which are x1 (ip of which is 10.124.6.2) and x2 (ip of which is 10.124.6.3) respectively. The user may send an instruction to the SDN controller through a relevant interface of a terminal device, and the SDN controller automatically binds the two cloud hosts to the two gateways respectively. The two gateways automatically configure respective binding information of the cloud hosts and the two gateways thereon. Compute nodes on the host machines configure a route in a data-output-direction. For example, user “vgwadm” configures, through a command “route add”, that an external network request of “0941f7c6-0610-4a56-8088-8c9668660039 intra 0.0.0.0/0” is sent through a gateway with the address of 10.60.0.1. The code may be: vgwadm route add 0941f7c6-0610-4a56-8088-8c9668660039 intra 0.0.0.0/0 gw 10.60.0.1. In sending data to the public network, the cloud host vm-1 selects a target gateway (that is, gateway x1 or gateway x2) according to the CIDR longest prefix matching rule described above, and then sends the data to the target gateway; then, the target gateway sends the data to the intranet switch, and the intranet switch forwards the data to the public network. In the process of transmitting data from the public network to cloud host vm-1, the data is first sent to the intranet switch; the intranet switch forwards the data to the target gateway (gateway x1 or gateway x2); then the target gateway sends the data to the host machine HOST1; and finally the data is sent to the cloud host vm-1.
  • In addition, the code for gateways is upgraded, and a new gateway x3 with a vip: 10.60.0.2 is expected to be online through gray release. There is an internal test user (id 002), and the eip of his/her cloud host vm-3 is 120.1.3.4. A mapping relationship “002->10.60.0.2” is configured through the SDN controller. The SDN controller automatically configures routing information on the gateway x3: issuing “120.1.3.4-32” to the x3, and the configuration instruction is: inet 120.1.3.4/32 scope global dummy0. The SDN control layer software module on the gateway x3 will automatically report the routing information to the intranet switch. A route “vgwadm route add 9a37ddc8-ad85-4081-9af8-59a629f59c41 intra 0.0.0.0/0 gw 10.60.0.2” is configured on a compute node of a host machine where this cloud host is located. With the above configuration, the user “vgwadm” configures, through the command “route add”, that an external network request of “9a37ddc8-ad85-4081-9af8-59a629f59c41 intra 0.0.0.0/0” is sent through a gateway with the address of 10.60.0.2. Even if the internal user changes, for example, a new cloud host is added or a cloud host is deleted, the gateway x3 will automatically add or delete corresponding configuration. The internal test user uses the gateway x3 that is online through the gray release regardless of the input direction or output direction. In addition, if a senior user wants to monopolize a gateway to avoid scrambling for resources, the user may be bound to a gateway cluster through the SDN controller, thereby reaching the purpose of making a user monopolize a gateway.
  • Of course, for the specific binding process and the process of determining the target gateway from the target gateway cluster according to a preset rule, reference may be made to the related description in the first embodiment, which is not repeated herein again.
  • It should be noted that a plurality of cloud hosts may run on a host machine, and at least two cloud hosts among the plurality of cloud hosts are respectively bound to different gateway clusters. Of course, the plurality of cloud hosts may also be bound to one gateway cluster together.
  • Step S220: sending, by the cloud host, data to the target gateway, to cause the target gateway to send the data to the corresponding intranet switch.
  • The intranet switch sends the data to the public network according to the flow table information, so that data from the cloud host is forwarded to the intranet switch through the target gateway in the corresponding target gateway cluster, and then forwarded to the public network through the intranet switch.
  • The second embodiment of the present application provides a method for transmitting data. The cloud host, as a data sender, first determines a target gateway according to a preset binding relationship between data senders and gateway clusters; and then sends data to the target gateway, to cause the target gateway to send the data to the corresponding intranet switch. In the present method, by binding cloud hosts and gateway clusters in advance, data sent from a cloud host to the public network can be forwarded through the target gateway in the corresponding target gateway cluster. In this way, gateway clusters with different security levels can be set in advance according to user requirements, and user data with different security requirements is forwarded through different gateway clusters, which effectively improves the security of data transmission.
  • Third Embodiment
  • Referring to FIG. 4, FIG. 4 is a structural block diagram of an apparatus for transmitting data 200 according to the third embodiment of the present application. The apparatus is applicable to the above cloud computing network system 100, and runs on an intranet switch. The apparatus includes:
  • a data receiving module 210, configured for receiving data from a public network, and determining receiver information for the data according to information contained in the received data;
  • a target gateway cluster determination module 220, configured for determining a target gateway cluster corresponding to the receiver information according to the receiver information and a preset binding relationship between data receivers and gateway clusters;
  • a target gateway determination module 230, configured for determining a target gateway from the target gateway cluster according to a preset rule;
  • a data forwarding module 240, configured for sending the received data to the target gateway, to cause the target gateway to forward the received data to a data receiver (a cloud host) corresponding to the receiver information.
  • As an implementation, the cloud computing network system 100 also includes a server installed with an SDN controller. The preset binding relationship between data receivers and gateway clusters is obtained by binding the data receivers to the gateway clusters that are matched with the data receivers in advance through the SDN controller in the server according to user requirements.
  • As an implementation, the cloud computing network system 100 also includes a server installed with an SDN controller. The gateway clusters are preset to have different security levels. The preset binding relationship between data receivers and gateway clusters is obtained by binding the data receivers to the gateway clusters that are matched with the data receivers and have corresponding security levels in advance through the SDN controller in the server according to user requirements.
  • As an implementation, the target gateway determination module 230 is specifically configured for determining the target gateway from the target gateway cluster according to a classless inter-domain routing (CIDR) longest prefix matching rule.
  • Fourth Embodiment
  • Referring to FIG. 5, FIG. 5 is a structural block diagram of an apparatus for transmitting data 300 according to the fourth embodiment of the present application. The apparatus is applicable to the above cloud computing network system 100 and runs on a cloud host. The apparatus includes:
  • a gateway determination module 310, configured for determining a target gateway according to a preset binding relationship between data senders and gateway clusters, wherein the target gateway is a gateway in a gateway cluster bound to the cloud host;
  • a data sending module 320, configured for sending data to the target gateway, to cause the target gateway to send the data to the corresponding intranet switch.
  • As an implementation, the cloud computing network system 100 also includes a server installed with an SDN controller. The cloud hosts run on a host machine. The preset binding relationship between data senders and gateway clusters is a binding relationship between the cloud hosts and the gateway clusters that are matched with the cloud hosts, which is configured by the SDN controller in the server in advance on the host machine for the cloud hosts according to user requirements.
  • As an implementation, the cloud computing network system 100 also includes a server installed with an SDN controller. The cloud hosts run on a host machine, and the gateway clusters are preset to have different security levels. The preset binding relationship between data senders and gateway clusters is a binding relationship between the cloud hosts and the gateway clusters that are matched with the cloud hosts and have corresponding security levels, which is configured by the SDN controller in the server in advance on the host machine for the cloud hosts according to user requirements.
  • As an implementation, a plurality of cloud hosts run on a host machine, and at least two cloud hosts among the plurality of cloud hosts are respectively bound to different gateway clusters.
  • Those skilled in the art may clearly understand that, for the convenience and brevity of the description, the specific working processes of the above apparatus may refer to the corresponding processes in the above method, which are not repeated herein again.
  • Referring to FIG. 6, FIG. 6 is a structural diagram of an intranet switch or a host machine according to an embodiment of the present application. The intranet switch or host machine may include: at least one processor 410, such as a CPU, at least one communication interface 420, at least one memory 430 and at least one communication bus 440. The communication bus 440 is used to implement direct communication between these components. The communication interface 420 of the device in the embodiment of the present application is used to communicate signals or data with other node devices. The memory 430 may be a high-speed RAM memory or a non-volatile memory, such as at least one magnetic disk memory. The memory 430 may optionally be at least one storage device located away from the processor. A set of program codes is stored in the memory 430, and the processor 410 executes the program codes stored in the memory 430 that is executed by the above intranet switch or host machine, to implement corresponding method processes.
  • In view of the above, embodiments of the present application provide a method, an apparatus, a device for transmitting data, and a readable storage medium. The intranet switch first receives data from a public network, and determines receiver information for the data according to information contained in the received data; determines a target gateway cluster according to a preset binding relationship between data receivers and gateway clusters; then determines a target gateway from the target gateway cluster according to a preset rule; and then sends the received data to the target gateway to cause the target gateway to forward the received data to a data receiver corresponding to the receiver information. In the present method, by binding data receivers and gateway clusters in advance, data from the public network can be forwarded to a data receiver through the target gateway in the corresponding target gateway cluster. In this way, gateway clusters with different security levels can be preset in advance according to user requirements, and user data with different security requirements is forwarded through different gateway clusters, which effectively improves the security of data transmission.
  • According to several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may also be implemented in other ways. The apparatus embodiments described above are only schematic. For example, the flowcharts and block diagrams in the accompanying drawings show possible architectures, functions, and operations of the apparatuses, methods, and computer program products according to various embodiments of the present application. In this regard, each block in a flowchart or block diagram may represent a module, a program segment, or a part of the codes, which contains one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, functions marked in the blocks may also be implemented in a different order than that marked in a drawing. For example, two consecutive blocks may actually be performed substantially in parallel, and they may sometimes be performed in a reverse order, depending on the function involved. It should also be noted that each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can be implemented with a dedicated hardware-based system that performs specified functions or actions, or can be implemented with a combination of dedicated hardware and computer instructions.
  • In addition, functional modules in various embodiments of the present application may be integrated together to form an independent part, or each module may exist independently, or two or more modules may be integrated to form an independent part.
  • If the functions are implemented in the form of software functional modules and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application may be embodied in the form of a software product, or a part that contributes to the prior art or a part of this technical solution may be embodied in the form of a software product. This computer software product is stored in a storage medium, including instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of steps of the methods according to the embodiments of the present application. The above storage medium includes various mediums that can store program codes, such as a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.
  • The above are only preferred embodiments of the present application, which are not intended to limit the present application. For those skilled in the art, various modifications and changes can be made to the present application. Any modifications, alternatives, improvements, or the like within the spirit and principle of the present application shall be included within the protection scope of the present application. It should be noted that similar reference signs and letters indicate similar items in the drawings, thus once an item is defined in one figure, this item is not required to be further defined and explained in subsequent figures.
  • The above are only specific implementations of the present application, and the protection scope of the present application is not limited to this. Within the technical scope disclosed by the present application, any changes or alternatives made by a person skilled in the art easily fall into the protection scope of the present application. Therefore, the protection scope of the present application shall be defined by the claims.
  • It should be noted that the relationship terms used herein such as “first”, “second”, and the like are only used for distinguishing one entity or operation from another entity or operation, but do not necessarily require or imply that there is any actual relationship or order between these entities or operations. Moreover, the terms “include”, “comprise” or any other variants thereof are intended to cover non-exclusive inclusions, so that processes, methods, articles or devices comprising a series of elements comprise not only those elements listed but also those not specifically listed or the elements intrinsic to these processes, methods, articles, or devices. Without further limitations, elements defined by the sentences “comprise(s) a . . . ” or “include(s) a . . . ” do not exclude that there are other identical elements in the processes, methods, articles, or devices which include these elements.
  • INDUSTRIAL APPLICABILITY
  • The present application provides a method, an apparatus, a device for transmitting data, and a readable storage medium. By binding data receivers to gateway clusters in advance, data from the public network can be forwarded to a data receiver by the target gateway in the corresponding target gateway cluster, which effectively improves the security of data transmission.
  • While at least one exemplary embodiment has been presented in the foregoing detailed description, it should be appreciated that a vast number of variations exist. It should also be appreciated that the exemplary embodiment or exemplary embodiments are only examples, and are not intended to limit the scope, applicability, or configuration of the invention in any way. Rather, the foregoing detailed description will provide those skilled in the art with a convenient road map for implementing an exemplary embodiment, it being understood that various changes may be made in the function and arrangement of elements described in an exemplary embodiment without departing from the scope of the invention as set forth in the appended claims and their legal equivalents.

Claims (20)

1. A method for transmitting data, applicable to an intranet switch in a cloud computing network system, wherein the system comprises the intranet switch, at least two gateway clusters, and a plurality of data receivers having a binding relationship with the at least two gateway clusters, and each of the gateway clusters comprises a plurality of gateways; wherein the method comprises:
receiving data from a public network, and determining receiver information for the data according to information contained in the received data;
determining a target gateway cluster corresponding to the receiver information according to the receiver information and a preset binding relationship between data receivers and gateway clusters;
determining a target gateway from the target gateway cluster according to a preset rule; and
sending the received data to the target gateway, to cause the target gateway to forward the received data to a data receiver corresponding to the receiver information.
2. The method of claim 1, wherein the system further comprises a server, the method further comprises:
receiving the binding relationship sent by the server, wherein the binding relationship is obtained by binding the data receivers to the gateway clusters that are matched with the data receivers in advance through an SDN controller in the server according to user requirements.
3. The method of claim 1, wherein the system further comprises a server, and the gateway clusters are preset to have different security levels; and
the preset binding relationship between data receivers and gateway clusters is obtained by binding the data receivers to the gateway clusters that are matched with the data receivers and have corresponding security levels in advance through an SDN controller in the server according to user requirements.
4. The method of claim 1, wherein determining a target gateway from the target gateway cluster according to a preset rule comprises:
determining the target gateway from the target gateway cluster according to a classless inter-domain routing (CIDR) longest prefix matching rule.
5. A method for transmitting data, applicable to a cloud host in a cloud computing network system, wherein the system comprises an intranet switch, at least two gateway clusters, and a plurality of cloud hosts having a binding relationship with the at least two gateway clusters, and each of the gateway clusters comprises a plurality of gateways; wherein the method comprises:
determining, by a cloud host as a data sender, a target gateway according to a preset binding relationship between data senders and gateway clusters, wherein the target gateway is a gateway in a gateway cluster bound to the cloud host; and
sending, by the cloud host, data to the target gateway, to cause the target gateway to send the data to the corresponding intranet switch.
6. The method of claim 5, wherein the system further comprises a server, and the cloud hosts run on a host machine; and
the preset binding relationship between data senders and gateway clusters is a binding relationship between the cloud hosts and the gateway clusters that are matched with the cloud hosts, which is configured by an SDN controller in the server in advance on the host machine for the cloud hosts according to user requirements.
7. The method of claim 5, wherein the system further comprises a server, the cloud hosts run on a host machine, and the gateway clusters are preset to have different security levels; and
the preset binding relationship between data senders and gateway clusters is a binding relationship between the cloud hosts and the gateway clusters that are matched with the cloud hosts and have corresponding security levels, which is configured by an SDN controller in the server in advance on the host machine for the cloud hosts according to user requirements.
8. The method of claim 6, wherein the plurality of cloud hosts run on the host machine, and at least two cloud hosts among the plurality of cloud hosts are respectively bound to different gateway clusters.
9. An apparatus for transmitting data, applicable to an intranet switch in a cloud computing network system, wherein the system comprises the intranet switch, at least two gateway clusters, and a plurality of data receivers having a binding relationship with the at least two gateway clusters, and each of the gateway clusters comprises a plurality of gateways, wherein the apparatus comprises:
a data receiving module, configured for receiving data from a public network, and determining receiver information for the data according to information contained in the received data;
a target gateway cluster determination module, configured for determining a target gateway cluster corresponding to the receiver information according to the receiver information and a preset binding relationship between data receivers and gateway clusters;
a target gateway determination module, configured for determining a target gateway from the target gateway cluster according to a preset rule; and
a data forwarding module, configured for sending the received data to the target gateway, to cause the target gateway to forward the received data to a data receiver corresponding to the receiver information.
10. The apparatus of claim 9, wherein the system further comprises a server, and the preset binding relationship between data receivers and gateway clusters is obtained by binding the data receivers to the gateway clusters that are matched with the data receivers in advance through an SDN controller in the server according to user requirements.
11. The apparatus of claim 9, wherein the system further comprises a server, and the gateway clusters are preset to have different security levels; and
the preset binding relationship between data receivers and gateway clusters is obtained by binding the data receivers to the gateway clusters that are matched with the data receivers and have corresponding security levels in advance through an SDN controller in the server according to user requirements.
12. The apparatus of claim 9, wherein the target gateway determination module is further configured for determining the target gateway from the target gateway cluster according to a classless inter-domain routing (CIDR) longest prefix matching rule.
13. An apparatus for transmitting data, applicable to a cloud host in a cloud computing network system, wherein the system comprises an intranet switch, at least two gateway clusters, and a plurality of cloud hosts having a binding relationship with the at least two gateway clusters, and each of the gateway clusters comprises a plurality of gateways; wherein the apparatus comprises:
a gateway determination module, configured for determining a target gateway according to a preset binding relationship between data senders and gateway clusters, wherein the target gateway is a gateway in a gateway cluster bound to the cloud host; and
a data sending module, configured for sending data to the target gateway, to cause the target gateway to send the data to the corresponding intranet switch.
14. The apparatus of claim 13, wherein the system further comprises a server, and the cloud hosts run on a host machine; and
the preset binding relationship between data senders and gateway clusters is a binding relationship between the cloud hosts and the gateway clusters that are matched with the cloud hosts, which is configured by an SDN controller in the server in advance on the host machine for the cloud hosts according to user requirements.
15. The apparatus of claim 13, wherein the system further comprises a server, the cloud hosts run on a host machine, and the gateway clusters are preset to have different security levels; and
the preset binding relationship between data senders and gateway clusters is a binding relationship between the cloud hosts and the gateway clusters that are matched with the cloud hosts and have corresponding security levels, which is configured by an SDN controller in the server in advance on the host machine for the cloud hosts according to user requirements.
16. The apparatus of claim 14, wherein the plurality of cloud hosts run on the host machine, and at least two cloud hosts among the plurality of cloud hosts are respectively bound to different gateway clusters.
17. A non-transitory readable storage medium for storing a plurality of instructions, wherein the plurality of instructions are executed on a computer to cause the computer to carry out the method of claim 1.
18. A non-transitory readable storage medium for storing a plurality of instructions, wherein the plurality of instructions are executed on a computer to cause the computer to carry out the method of claim 5.
19. A device for transmitting data, comprising a memory and a processor, wherein the memory is configured for storing executable program codes, and the processor is configured for reading the executable program codes stored in the memory to carry out the method for transmitting data according to claim 1.
20. A device for transmitting data, comprising a memory and a processor, wherein the memory is configured for storing executable program codes, and the processor is configured for reading the executable program codes stored in the memory to carry out the method for transmitting data according to claim 5.
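The forwarding decision recited in claims 1, 3 and 4, sketched as an added example that is not code from the patent or its applicant. The cluster names, gateway names, prefixes, the packet's `dst` field and the idea that each gateway serves a list of CIDR prefixes are assumptions made for illustration; the patent text here only states that the target gateway is chosen by a CIDR longest prefix matching rule.

```python
import ipaddress

# Constructed sample data (assumption, not from the patent): two gateway
# clusters with different security levels; each gateway serves some prefixes.
CLUSTERS = {
    "cluster-high": {
        "security_level": "high",
        "gateways": {"gw-h1": ["10.0.0.0/8"],
                     "gw-h2": ["10.1.0.0/16"],
                     "gw-h3": ["10.1.2.0/24"]},
    },
    "cluster-std": {
        "security_level": "standard",
        "gateways": {"gw-s1": ["10.0.0.0/8"],
                     "gw-s2": ["10.1.2.0/24"]},
    },
}

# Preset binding relationship: data receiver address -> gateway cluster.
BINDINGS = {
    "10.1.2.7": "cluster-high",
    "10.1.9.9": "cluster-high",
    "10.1.2.8": "cluster-std",
    "10.200.0.5": "cluster-std",
}


class Unroutable(Exception):
    """The switch drops the data instead of guessing a path."""


def receiver_of(packet):
    """Step 1: derive receiver information from the received data."""
    try:
        return ipaddress.ip_address(packet["dst"])
    except (KeyError, ValueError):
        raise Unroutable("packet carries no usable receiver address") from None


def target_cluster(receiver, bindings=BINDINGS):
    """Step 2: look up the bound cluster; an unbound receiver fails closed."""
    try:
        return bindings[str(receiver)]
    except KeyError:
        raise Unroutable(f"no binding for {receiver}") from None


def target_gateway(receiver, cluster_name, clusters=CLUSTERS):
    """Step 3: longest prefix match, restricted to the bound cluster only."""
    best = None  # (prefix length, gateway name)
    for gateway, prefixes in clusters[cluster_name]["gateways"].items():
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix)
            if receiver in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, gateway)
    if best is None:
        raise Unroutable(f"{cluster_name} has no gateway for {receiver}")
    return best[1]


def forward(packet):
    """Step 4: return the (cluster, gateway) the switch sends the data to."""
    receiver = receiver_of(packet)
    cluster = target_cluster(receiver)
    return cluster, target_gateway(receiver, cluster)
```

Because the prefix match only iterates over gateways of the bound cluster, two receivers in the same /24 that are bound to different clusters never share a gateway, which is the isolation property the binding is meant to provide.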
US16/765,146 2017-11-17 2018-11-07 Data transmission method, device, equipment, and readable storage medium Abandoned US20200351328A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201711153175.6A CN109802985B (en) 2017-11-17 2017-11-17 Data transmission method, device, equipment and readable storage medium
CN201711153175.6 2017-11-17
PCT/CN2018/114393 WO2019096050A1 (en) 2017-11-17 2018-11-07 Data transmission method, device, equipment, and readable storage medium

Publications (1)

Publication Number Publication Date
US20200351328A1 (en) 2020-11-05

Family

ID=66538503

Family Applications (1)

Application Number Title Priority Date Filing Date
US16/765,146 Abandoned US20200351328A1 (en) 2017-11-17 2018-11-07 Data transmission method, device, equipment, and readable storage medium

Country Status (5)

Country Link
US (1) US20200351328A1 (en)
CN (1) CN109802985B (en)
RU (1) RU2742542C1 (en)
SG (1) SG11202004582YA (en)
WO (1) WO2019096050A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112929299A (en) * 2021-01-27 2021-06-08 广州市品高软件股份有限公司 SDN cloud network implementation method, device and equipment based on FPGA accelerator card
CN114679428A (en) * 2022-04-07 2022-06-28 上海数禾信息科技有限公司 Method, device, computer equipment and storage medium for adding EIP on NAT rule
CN114745757A (en) * 2022-04-22 2022-07-12 苏州浪潮智能科技有限公司 Cluster switching method, device, equipment and medium
CN114760317A (en) * 2022-03-18 2022-07-15 中国建设银行股份有限公司 Fault detection method of virtual gateway cluster and related equipment
CN115866092A (en) * 2022-11-24 2023-03-28 中国联合网络通信集团有限公司 Data forwarding method, device, equipment and storage medium

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110784337B (en) * 2019-09-26 2023-08-22 平安科技(深圳)有限公司 Cloud service quality monitoring method and related products
CN110650024A (en) * 2019-09-29 2020-01-03 秒针信息技术有限公司 Method and device for opening public cloud
CN110995513B (en) * 2019-12-27 2023-02-17 远景智能国际私人投资有限公司 Data sending and receiving method in Internet of things system, internet of things equipment and platform
CN113765801B (en) * 2020-07-16 2024-02-09 北京京东尚科信息技术有限公司 Message processing method and device applied to data center, electronic equipment and medium
CN112423322B (en) * 2020-11-18 2022-09-06 青岛海尔科技有限公司 Model information sending method, device, storage medium and electronic device
CN112769977B (en) * 2021-01-27 2022-07-29 杭州迪普科技股份有限公司 NAT public network address publishing method and device
CN113364672B (en) * 2021-06-29 2022-12-30 中星电子股份有限公司 Method, device, equipment and computer readable medium for determining media gateway information
CN113765710A (en) * 2021-08-24 2021-12-07 中国人寿保险股份有限公司上海数据中心 Request processing system and method based on multi-active hybrid cloud deployment
CN113810296A (en) * 2021-09-10 2021-12-17 北京百度网讯科技有限公司 Method and device for shunting clustered gateway, storage medium and electronic equipment
CN114338510B (en) * 2021-12-09 2023-07-07 北京华云安信息技术有限公司 Data forwarding method and system for controlling and forwarding separation
CN114726796A (en) * 2022-03-31 2022-07-08 阿里云计算有限公司 Flow control method, gateway and switch
CN114915633A (en) * 2022-04-21 2022-08-16 阿里云计算有限公司 Method, device and medium for scheduling users to gateway cluster in public cloud network

Family Cites Families (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101193432B (en) * 2006-11-21 2011-01-05 中兴通讯股份有限公司 Method and system for realizing mobile value-added secure service
US20120096269A1 (en) * 2010-10-14 2012-04-19 Certes Networks, Inc. Dynamically scalable virtual gateway appliance
CN102196049B (en) * 2011-05-31 2013-06-26 北京大学 Method suitable for secure migration of data in storage cloud
CN102223365B (en) * 2011-06-03 2014-02-12 杭州华三通信技术有限公司 User access method and device based on SSL (Secure Socket Layer) VPN (Virtual Private Network) gateway cluster
US10200493B2 (en) * 2011-10-17 2019-02-05 Microsoft Technology Licensing, Llc High-density multi-tenant distributed cache as a service
US8874103B2 (en) * 2012-05-11 2014-10-28 Intel Corporation Determining proximity of user equipment for device-to-device communication
CN102843420A (en) * 2012-07-02 2012-12-26 上海交通大学 Fuzzy division based social network data distribution system
CN103838770A (en) * 2012-11-26 2014-06-04 ***通信集团北京有限公司 Logic data partition method and system
CN103902498B (en) * 2013-12-18 2016-12-07 曲阜师范大学 A kind of software definition server system towards Heterogeneous Computing and method
EP3143733B1 (en) * 2014-05-13 2018-12-05 Telefonaktiebolaget LM Ericsson (publ) Virtual flow network in a cloud environment
CN104243265B (en) * 2014-09-05 2018-01-05 华为技术有限公司 A kind of gateway control method, apparatus and system based on virtual machine (vm) migration
CN104363187B (en) * 2014-10-29 2017-09-29 工业和信息化部电信传输研究所 A kind of things-internet gateway resource response method and apparatus
CN104468293B (en) * 2014-11-28 2018-12-28 国家信息中心 VPN cut-in method
CN106211152B (en) * 2015-04-30 2019-09-06 新华三技术有限公司 A kind of wireless access authentication method and device
CN104869125B (en) * 2015-06-09 2020-04-17 上海斐讯数据通信技术有限公司 SDN-based dynamic MAC address spoofing prevention method
CN106302175A (en) * 2015-06-29 2017-01-04 联想(北京)有限公司 Data packet sending method in a kind of SDN and equipment
CN105099779B (en) * 2015-07-29 2018-10-12 北京京东尚科信息技术有限公司 Multi-tenant cloud platform framework
JP6556875B2 (en) * 2015-12-31 2019-08-07 華為技術有限公司Huawei Technologies Co.,Ltd. Software-defined data center and service cluster placement method there
CN107306215B (en) * 2016-04-18 2020-07-17 ***通信集团江西有限公司 Data processing method, system and node
CN107332793B (en) * 2016-04-28 2020-10-16 华为技术有限公司 Message forwarding method, related equipment and system
US10033646B2 (en) * 2016-05-12 2018-07-24 International Business Machines Corporation Resilient active-active data link layer gateway cluster
CN106130806B (en) * 2016-08-30 2020-05-22 上海华通铂银交易市场有限公司 Data layer real-time monitoring method
CN106375295B (en) * 2016-08-30 2019-09-13 康剑兰 Data store monitoring method
CN106452966A (en) * 2016-11-02 2017-02-22 河南智业科技发展有限公司 Multi-gateway management realization method for OpenStack cloud desktop
CN106789667B (en) * 2016-11-21 2021-01-01 华为技术有限公司 Data forwarding method, related equipment and system
CN106899518B (en) * 2017-02-27 2022-08-19 腾讯科技(深圳)有限公司 Resource processing method and device based on Internet data center
CN107135134B (en) * 2017-03-29 2019-09-13 广东网金控股股份有限公司 Private network cut-in method and system based on virtual switch and SDN technology

Also Published As

Publication number Publication date
CN109802985B (en) 2021-01-29
SG11202004582YA (en) 2020-06-29
RU2742542C1 (en) 2021-02-08
CN109802985A (en) 2019-05-24
WO2019096050A1 (en) 2019-05-23

Legal Events

Date Code Title Description
AS Assignment

Owner name: BEIJING KINGSOFT CLOUD TECHNOLOGY CO., LTD., CHINA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:QIU, QINGYONG;REEL/FRAME:052714/0234

Effective date: 20200420

Owner name: BEIJING KINGSOFT CLOUD NETWORK TECHNOLOGY CO., LTD., CHINA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:QIU, QINGYONG;REEL/FRAME:052714/0234

Effective date: 20200420

STPP Information on status: patent application and granting procedure in general

Free format text: APPLICATION DISPATCHED FROM PREEXAM, NOT YET DOCKETED

AS Assignment

Owner name: BEIJING KINGSOFT CLOUD TECHNOLOGY CO., LTD., CHINA

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE RECEIVING PARTY DATA PREVIOUSLY RECORDED AT REEL: 052714 FRAME: 0234. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT;ASSIGNOR:QIU, QINGYONG;REEL/FRAME:054266/0443

Effective date: 20200420

Owner name: BEIJING KINGSOFT CLOUD NETWORK TECHNOLOGY CO., LTD., CHINA

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE RECEIVING PARTY DATA PREVIOUSLY RECORDED AT REEL: 052714 FRAME: 0234. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT;ASSIGNOR:QIU, QINGYONG;REEL/FRAME:054266/0443

Effective date: 20200420

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: ADVISORY ACTION MAILED

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION